Posted by Duane Arnold on March 29, 2006, 3:39 am
> In our company, we enable only the ACCEPTED packet logging (Cisco
> firewall). I wonder about the advantage of deny or rejected packet logging
> also, i.e. (full logging). Any idea? What type of analysis can be done
> at that time?
>
I would think the ability to get a total picture of all traffic hitting the
FW that's being rejected. I particularly like to keep track of, or keep an eye
on, remote IP(s), the same IP coming at the FW numerous times, and run analysis
reporting on how many times the same IP is coming at the FW by day, week and
month. I have not done it that often, maybe 3 or 4 times, that I have set a
rule on my Watchguard that denied specific IP(s) that were coming just a
little too hard, even if the unsolicited traffic was being rejected by the
FW. It's just me, but I don't like flying half blind and want to see all
aspects of what's happening from time to time.
Duane :)
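
The per-source counting of denied traffic by day, week and month described in the reply above, as an added example that is not part of the original post. The log line layout (an ISO timestamp followed by a PIX-style deny message), the sample lines, the function names and the threshold are all assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines; the layout (ISO timestamp + PIX-style message) is assumed.
SAMPLE_LOG = """\
2006-03-26T23:50:10 %PIX-4-106023: Deny tcp src outside:203.0.113.7/4102 dst inside:192.0.2.10/445 by access-group "outside_in"
2006-03-27T01:12:03 %PIX-4-106023: Deny tcp src outside:203.0.113.7/4431 dst inside:192.0.2.10/445 by access-group "outside_in"
2006-03-27T01:12:09 %PIX-4-106023: Deny tcp src outside:203.0.113.7/4432 dst inside:192.0.2.10/139 by access-group "outside_in"
2006-03-27T09:30:00 %PIX-4-106023: Deny udp src outside:198.51.100.22/53 dst inside:192.0.2.10/1434 by access-group "outside_in"
2006-03-27T09:31:00 %PIX-6-302013: Built inbound TCP connection 1001 for outside:198.51.100.40/3300 to inside:192.0.2.20/80
2006-03-28T02:00:41 %PIX-4-106023: Deny tcp src outside:203.0.113.7/4600 dst inside:192.0.2.10/445 by access-group "outside_in"
2006-04-01T05:00:00 %PIX-4-106023: Deny tcp src outside:203.0.113.7/4777 dst inside:192.0.2.10/445 by access-group "outside_in"
"""

# Captures the timestamp and the source address of a deny line only.
DENY_RE = re.compile(
    r"^(?P<ts>\S+) %\w+-\d-\d+: Deny \w+ src \S+?:(?P<src>[\d.]+)/\d+"
)

def parse_denies(text):
    """Yield (datetime, source_ip) for each deny line; accepted traffic is skipped."""
    for line in text.splitlines():
        m = DENY_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"]

def tally(text):
    """Count denies per source IP, bucketed by day, ISO week and month."""
    by = {"day": Counter(), "week": Counter(), "month": Counter()}
    for ts, src in parse_denies(text):
        iso = ts.isocalendar()
        by["day"][(ts.strftime("%Y-%m-%d"), src)] += 1
        by["week"][(f"{iso[0]}-W{iso[1]:02d}", src)] += 1
        by["month"][(ts.strftime("%Y-%m"), src)] += 1
    return by

def repeat_sources(counter, threshold):
    """Return {(bucket, ip): hits} for sources at or above threshold in a bucket."""
    return {key: hits for key, hits in counter.items() if hits >= threshold}

if __name__ == "__main__":
    counts = tally(SAMPLE_LOG)
    for period in ("day", "week", "month"):
        print(period)
        for (bucket, ip), hits in sorted(counts[period].items()):
            print(f"  {bucket}  {ip:<15} {hits}")
    # Hypothetical threshold: 3 or more denies from one source in one ISO week.
    print("review for an explicit block:", repeat_sources(counts["week"], 3))
```

None of these counts can be produced when only accepted packets are logged, because the deny lines are the only record of the rejected sources.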